Central Troubleshooting Radius -IAP

Aruba Employee
Aruba Employee
Question   Central Troubleshooting Radius -IAP?


How it works:-


RADIUS server is used in an Aruba Central based IAP network for multiple types of authentication such as Captive Portal, 802.1x and MAC based Auth. 
The auth server is pre-configured using Aruba Central which includes Server Name, IP Address, Shared Key, Auth/Accnt port, Timeout & Retry count.
Once configured, the server is referenced while creating an ESSID for various L2/L3 auth types as mentioned earlier.



How to configure:-



In Aruba Central, Go To Configuration > Security and select ‘Authentication Servers’ – Click on ‘New’




Set the authentication server type as ‘RADIUS:-





Configure the Auth-server name, we have used ‘Radius_Server’ in this example.
Also, complete the configuration by providing the appropriate Server IP Address, 
Auth Port, Accounting Port, Shared Key (Needs to match the key configured on the server side),
NAS IP & ID are optional.
Once done, select ‘Save Server’.
Troubleshooting RADIUS Issues:


If a specific RADIUS server is found to fail authentication, the support command ‘AP Authentication Frames’ can be used.
In the below example – we see that the RADIUS server has rejected an 802.1x auth request due to the error ‘Server out-of-service’, this shows that the RADIUS server has not responded to the Auth requests initiated by IAP.


AP RADIUS Statistics commands provides an overview of the number of servers which are currently in service, total count and type of access requests/reject, queries and timeout messages




List of all VC RADIUS attributes can be viewed using:-






RADIUS status overview can be performed using ‘show radius-servers support’



Version history
Revision #:
1 of 1
Last update:
‎07-02-2014 03:39 PM
Search Airheads
Showing results for 
Search instead for 
Did you mean: